Host Overflow Application eXception 

Oct 09, 2006 03:00 AM

Over the weekend, the Google blog was hacked and someone made a fake post stating Google was discontinuing their Click-To-Call service. A few weeks ago, Randy Charles Morin's blog was reportedly hacked using a new unknown and unpatched exploit by Jason Schramm known as the Host Overflow Application eXception.

Now, some people are putting one and one together and assuming Google's blog was hacked via the unpatched Host Overflow Application eXception. The problem? The Host Overflow Application eXception appears to be a HOAX (follow the capital letters). Jason followed up with a post to his blog with a supposed patch. The patch itself would just add a footer to one's blog with the text:

Host Overflow Application eXcepton = HOAX
You are gullible, but what if this plugin was malicious?

While Jason and Randy probably think their hoax is funny, or at least are attempting to drive traffic to their site, these kinds of hoaxes just make our whole life more difficult as we waste time vetting out fake zero-day exploits from ones really being used in the wild.

While we attempt to determine how Google was affected, you can keep up with verified vulnerabilities at Security Focus and more critical ones at Symantec's vulnerabilities page.
